Technical Field
This disclosure relates generally to deploying applications in a distributed computing environment. More specifically, it relates to hardening servers, in a cloud environment or otherwise, against malicious attacks by obfuscating the CPU's instruction set.
Background of the Related Art
An emerging information technology (IT) delivery model is cloud computing, by which shared resources, software and information are provided over the Internet to computers and other devices on-demand. Cloud computing can significantly reduce IT costs and complexities while improving workload optimization and service delivery. With this approach, an application instance can be hosted and made available from Internet-based resources that are accessible through a conventional Web browser over HTTP. An example application might be one that provides a common set of messaging functions, such as email, calendaring, contact management, and instant messaging. A user would then access the service directly over the Internet. Using this service, an enterprise would place its email, calendar and/or collaboration infrastructure in the cloud, and an end user would use an appropriate client to access his or her email, or perform a calendar operation.
Cloud computing resources are typically housed in large server farms that run network applications. Although these resources are often provisioned via a virtualized architecture wherein applications run inside virtual servers, or so-called “virtual machines” (VMs), that are mapped onto physical servers in a data center facility, one embodiment of this invention is primarily aimed at the portion of the market where a cloud consumer buys direct and singular access to the physical hardware. The virtual machines typically run on top of a hypervisor, which is a control program that allocates physical resources to the virtual machines. While this invention can be used with a hypervisor, there are some restrictions.
Software is never 100% safe, as new defects and vulnerabilities are discovered every day. Cloud application packages are no different; indeed, often just a few days after an application package has been published into the cloud, it may already contain new vulnerabilities. Security and resistance to untargeted attacks, such as viruses, Trojans and worms, are issues on cloud servers. In a server farm, the individual machines are typically replicas of one another. Thus, if there is a flaw in the replicated servers' defenses, a successful intrusion on one machine can infect or take over all copies of it in the cloud environment. The similarity of the servers also permits hackers who obtain access to, or a dump of, one server to work out how to attack other servers running the same application. While current cloud solutions provide numerous advantages, there remains a need to address the problem of deployed applications that can be exploited through later-discovered or post-deployment vulnerabilities or other defects.